The Storm Worm Is Not Causing the Sky to Fall

The scope of the Storm botnet, made up of zombie computers controlled remotely and used to blanket the world in spam, has been estimated to reach from 1 million to 50 million infected systems as of September.

But has it really?

Those numbers have reached epic and steadily growing proportions in the media, but they may well be off. SecureWorks thinks the Storm botnet may comprise between 250,000 and 1 million bots overall—"not a terrible threat," says Joe Stewart, senior security researcher for SecureWorks.

Microsoft's Malicious Software Removal Tool cleaned it off about 300,000 hosts recently—a number that would be far greater if the botnet were really running on a 50-million-botnet engine, Stewart says.

As for why the numbers have been pumped so high, it might be that some researchers are counting the total number of peers talking on the Overnet P2P protocol, he suggested. That figure, however, wouldn't distinguish systems compromised with Storm from normal peers talking to each other.

"Overnet is not just Storm; it's all these other clients. They could be counting the entire P2P network," he said.

For those who like to keep track of what worms or virus families are at the top of the risk list, Microsoft ran some numbers for me on the morning of Oct. 16 PST, based on MSRT telemetry from the October release. The current ranking:

The Storm virus rate has dropped from No. 3 on the list to No. 10, right below all the worms listed above.

Here's why:

"Storm has dropped on the list because during the first month after the MSRT is updated to remove new malware variants, the MSRT will clean all the available machines that have been infected in the past by this malware. In subsequent months, the MSRT will clean up the machines that are re-infected as well as those that are running MSRT for the first time," a Microsoft spokesperson said in an e-mail.